Skip to content

Instantly share code, notes, and snippets.

@KavenTheriault
Last active February 21, 2020 22:52
Show Gist options
  • Save KavenTheriault/20b234cec147a4413117b929302d95b7 to your computer and use it in GitHub Desktop.
Save KavenTheriault/20b234cec147a4413117b929302d95b7 to your computer and use it in GitHub Desktop.
Configure Nginx Reverse Proxy as failover

Configure Nginx Reverse Proxy as failover

In this exemple of configuration, if the first server fail (proxy_connect_timeout) one time (max_fails), the second server will be used for 60s (fail_timeout).

The SSL certificate need to be configure on the ReverseProxy server AND the proxyied servers. You can use the same certificate and configurations on all servers.

To test the configuration you can change your host file to simulate the correct domain name.

Use the following tool to configure SSL with optimal configuration. https://mozilla.github.io/server-side-tls/ssl-config-generator/

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
    upstream backend {
        server x.x.x.x:443 fail_timeout=60s max_fails=1;
        server x.x.x.x:443 backup;
    }

    server {
        listen 443 ssl;
        server_name lifehistory.ca www.lifehistory.ca;
        ssl_certificate /home/ubuntu/cert.pem;
        ssl_certificate_key /home/ubuntu/privkey.pem;
        location / {
            proxy_pass https://backend;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 5s;
            proxy_send_timeout 5s;
            proxy_read_timeout 5s;
            
            #optional config
            proxy_ssl_name "lifehistory.ca";
            proxy_ssl_server_name on;
        }
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment